Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

NetBird SSH #361

Merged
merged 53 commits into from
Jun 23, 2022
Merged

NetBird SSH #361

merged 53 commits into from
Jun 23, 2022

Conversation

braginini
Copy link
Contributor

No description provided.

braginini added 28 commits June 6, 2022 14:11
@braginini
Add SSH server
fbdbf9e
@braginini
Add SSH config to the Management gRPC protocol
39b222b
@braginini
Add SSH roundtrip
f8fe1f5
@braginini
Generate SSH key on startup and pass to Management
e7547d0
@braginini
Update SSH key on management
e063086
@braginini
Add PTY to SSHServer
6557a55
@braginini
Cleanup SSH code a bit
f507428
@braginini
Merge remote-tracking branch 'origin/main' into feature/ssh
ff5d961
@braginini
Add SSH cmd
4bdeceb
@braginini
Add SSH cmd port flag
bf69b1c
@braginini
Use ED25519 keys
71e82b7
@braginini
Fix build on windows
414fafa
@braginini
Use local SSH key to connect to the remote NetBird SSH server
c53e3b1
@braginini
Add missing SSH method to account manager mock
5491d95
@braginini
Fix golint issues
3a2ea46
@braginini
Fix codacy
2cf8ed6
@braginini
Fix codacy
47c7993
@braginini
Associate public WG key with SSH key
136dedd
@braginini
Minor refactor
5f23382
@braginini
Add Remove and Add authorized keys test
e40c84d
@braginini
Test Multiple SSH keys
30683d7
@braginini
Add Engine test for SSH server
1f42452
@braginini
Add SSH server interface
e6773d1
@braginini
Fix codacy issues
aa57c3d
@braginini
Verify SSH server usage in Engine
c14e26b
@braginini
Stop engine after SSH test finished
fecb0c9
@braginini
Merge branch 'main' into feature/ssh
840d8b7
@braginini
go mod tidy
81f475a
@braginini
Copy link
Contributor Author

If an agent has been upgraded from any version without SSH support, all others won't receive an update indicating that SSH is now possible to this peer.
Should be fixed

mlsmaycon
mlsmaycon requested changes Jun 18, 2022
View reviewed changes
client/internal/config.go Outdated
@@ -145,7 +158,7 @@ func GetConfig(managementURL, adminURL, configPath, preSharedKey string) (*Confi
} else {
// don't overwrite pre-shared key if we receive asterisks from UI
pk := &preSharedKey
if preSharedKey == "**********" {
if preSharedKey == "**********" || preSharedKey == "" {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we shouldn't dismiss empty string as sometimes user wants to remove a preshared key from its config

client/internal/engine.go Outdated
//nil sshServer means it has not yet been started
var err error
e.sshServer, err = e.sshServerFunc(e.config.SSHKey,
fmt.Sprintf("%s:%d", e.wgInterface.Address.IP.String(), 2222))
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

port should come from config for cases when port 2222 is already in use

client/internal/engine.go Show resolved Hide resolved
client/internal/engine_test.go
ctx, cancel := context.WithCancel(context.Background())
defer cancel()

engine := NewEngine(ctx, cancel, &signal.MockClient{}, &mgmt.MockClient{}, &EngineConfig{
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lets avoid using same interface configuration between tests

client/internal/engine.go
@@ -54,6 +55,8 @@ type EngineConfig struct {

// UDPMuxSrflxPort default value 0 - the system will pick an available port
UDPMuxSrflxPort int

SSHKey []byte
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should distinguish private and public ssh keys, here we store private key but other methods use sshKey for public SSH Key (e.g. Login)

client/ssh/util.go Outdated
const RSAKeySize = 2048

// GeneratePrivateKey creates RSA Private Key of specified byte size
func GeneratePrivateKey(t KeyType) ([]byte, error) {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

let's avoid using single-letter input variables

client/ssh/window_unix.go Outdated
"unsafe"
)

func setWinSize(f *os.File, w, h int) {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

let's avoid using single-letter input variables

client/ssh/window_windows.go Outdated
"os"
)

func setWinSize(f *os.File, w, h int) {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

let's avoid using single-letter input variables

management/server/grpcserver.go Show resolved Hide resolved
management/server/grpcserver.go Outdated
@@ -365,7 +384,8 @@ func toWiretrusteeConfig(config *Config, turnCredentials *TURNCredentials) *prot

func toPeerConfig(peer *Peer) *proto.PeerConfig {
return &proto.PeerConfig{
Address: fmt.Sprintf("%s/%d", peer.IP.String(), SubnetSize), // take it from the network
Address: fmt.Sprintf("%s/%d", peer.IP.String(), SubnetSize), // take it from the network
SshConfig: &proto.SSHConfig{SshEnabled: true}, //TODO REMOVE THIS HARDCODED VALUE
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

remove hardcoded flag

braginini added 21 commits June 21, 2022 13:46
@braginini
Sync network map when updating peer
3e74090
@braginini
Fix deadlock when distributing network updates
20d9059
@braginini
Let pre-shared key to be removed
f748e57
@braginini
Clean SSH server when failed to start
14bcfea
@braginini
Use different interface name in engine test
11d7c2e
@braginini
Rename sshKey to pubSSHKey not to confuse with a private key
1d803a4
@braginini
Avoid single letter variable definition
12a6e07
@braginini
Avoid single letter variable definition
99b1ddd
@braginini
Replace SSH port to 44337
75052a1
@braginini
Replace SSH port to 44338
98b003f
@braginini
Fix engine test on failing SSH server
56a6277
@braginini
Fix lint issues
bfdde79
@braginini
Decrease log level
9cb50c2
@braginini
Close SSH sessions on SSH server stop
823a343
@braginini
Fix Codacy issues
d370cd4
@braginini
Check if admin when running SSH
10829cb
@braginini
Fix SSH client on windows
9a188ef
@braginini
Remove panic when error on starting pty
8acfc30
@braginini
Disable SSH server on Windows - not supported
fbed2ae
@braginini
Skip SSH server test on Windows
60c9c45
@braginini
Avoid single letter variables
b92d9a9
@braginini braginini merged commit 06860c4 into main Jun 23, 2022
@braginini braginini deleted the feature/ssh branch June 23, 2022 15:04
pulsastrix pushed a commit to pulsastrix/netbird that referenced this pull request Dec 24, 2023
@braginini
NetBird SSH (netbirdio#361)
0361784 
This PR adds support for SSH access through the NetBird network
without managing SSH skeys.
NetBird client app has an embedded SSH server (Linux/Mac only) 
and a netbird ssh command.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mlsmaycon mlsmaycon mlsmaycon approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@braginini @mlsmaycon